2024-08-23_c63ec979b8186249dc3bd401947eee8d_avoslocker_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-23_c63ec979b8186249dc3bd401947eee8d_avoslocker_revil
Size

29.2MB
MD5

c63ec979b8186249dc3bd401947eee8d
SHA1

38bd0f394f4e03ff768bb27fbb4abd1462194375
SHA256

4ac824cdc62426c0a3ddb2cff4fe1475e527c319fd5e75528dfe6e82a99607cd
SHA512

c8703ccc9514fc344a3e9be1e24718fd79358392ecb3161fb9bcc267aca3edfaa1925e00d472e2b4e9583605d637df8f7bca31285da161212b2f85433c3c7736
SSDEEP

786432:K8Yr68QhQlxWijRsr9l0UCuIT8YGt/mAAL+c:bYTtAmRq2tT8F1C

Score

3^/10

pyinstaller

Malware Config

Signatures

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
sample	pyinstaller

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-23_c63ec979b8186249dc3bd401947eee8d_avoslocker_revil

Files

2024-08-23_c63ec979b8186249dc3bd401947eee8d_avoslocker_revil
.exe windows:5 windows x86 arch:x86

914abd938b6811960ade98165bf81361

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\2024\Release\Main.pdb

Imports

kernel32

GetProcessHeap
MultiByteToWideChar
HeapSize
GetCurrentProcessId
GetLogicalDriveStringsA
HeapAlloc
OpenProcess
GetVolumeNameForVolumeMountPointA
FindClose
FindNextFileA
GetDriveTypeA
GetCurrentProcess
HeapFree
FindFirstFileA
WideCharToMultiByte
GlobalMemoryStatusEx
InterlockedDecrement
DeleteFileA
WaitForSingleObject
CreatePipe
WriteFile
SetHandleInformation
ReadFile
CreateProcessA
CloseHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExA
GetTimeZoneInformation
GetFileAttributesExW
SetEndOfFile
SetStdHandle
HeapReAlloc
SetFilePointerEx
ReadConsoleW
CreateDirectoryW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetACP
GetCommandLineW
GetCommandLineA
ExitProcess
GetLastError
Sleep
GetModuleFileNameA
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
DuplicateHandle
WaitForSingleObjectEx
SwitchToThread
GetCurrentThread
QueryPerformanceCounter
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetProcAddress
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
SetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
LocalFree
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
OutputDebugStringW
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
RtlUnwind
RaiseException
GetStdHandle
GetFileType
GetModuleHandleExW
WriteConsoleW
CreateFileW
ExitThread

advapi32

DuplicateToken
StartServiceA
OpenSCManagerA
RegisterServiceCtrlHandlerA
GetFileSecurityA
AccessCheck
LookupAccountSidA
OpenProcessToken
SetServiceStatus
MapGenericMask
GetTokenInformation
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
CreateServiceA
StartServiceCtrlDispatcherA
CloseServiceHandle
ChangeServiceConfig2A

ole32

CoSetProxyBlanket
CoInitializeEx
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
SysStringLen
VariantClear
SysFreeString
VariantInit

ws2_32

WSACleanup
WSAStartup
inet_ntoa
inet_addr
ioctlsocket
sendto
htons
htonl
closesocket
ntohl
select
socket
connect

wininet

InternetQueryOptionA
HttpOpenRequestA
InternetSetOptionA
HttpAddRequestHeadersA
InternetOpenA
InternetCloseHandle
HttpSendRequestA
InternetConnectA
InternetReadFile
HttpQueryInfoA

iphlpapi

GetIpNetTable
GetAdaptersInfo

Sections

.text
Size: 422KB - Virtual size: 422KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ok3.pyc

Sharing

General

Malware Config

Signatures

Files

914abd938b6811960ade98165bf81361

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ole32

oleaut32

ws2_32

wininet

iphlpapi

Sections

.text Size: 422KB - Virtual size: 422KB

.rdata Size: 108KB - Virtual size: 108KB

.data Size: 9KB - Virtual size: 14KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 22KB - Virtual size: 21KB

.text
Size: 422KB - Virtual size: 422KB

.rdata
Size: 108KB - Virtual size: 108KB

.data
Size: 9KB - Virtual size: 14KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 22KB - Virtual size: 21KB